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BANKING AND FINANCE 





Public consultation on FinTech: a more 
competitive and innovative European 
financial sector 


Fields marked with * are mandatory. 


Introduction 





Thank you for taking the time to respond to this consultation on technology-enabled innovation in 
financial services (FinTech). Our goal is to create an enabling environment where innovative financial 
service solutions take off at a brisk pace all over the EU, while ensuring financial stability, financial 
integrity and safety for consumers, firms and investors alike. 


Please note: In order to ensure a fair and transparent consultation process only responses 
received through our online questionnaire will be taken into account and included in the report 
summarising the responses. Should you have a problem completing this questionnaire or if you 
require particular assistance, please contact fisma-fintech@ec.europa.eu. 





More information: 


® on this consultation 
® on the protection of personal data regime for this consultation 





1. Information about you 


* Are you replying as: 
Da private individual 
® an organisation or a company 


a public authority or an international organisation 


*Name of your organisation: 





DIGITALEUROPE 











Contact email address: 


The information you provide here is for administrative purposes only and will not be published 


damir.filipovic@digitaleurope.org 


*Is your organisation included in the Transparency Register? 
(If your organisation is not registered, we invite you to register here, although it is not compulsory to be 
registered to reply to this consultation. Why a transparency register?) 
@ Yes 


No 








*If so, please indicate your Register ID number: 


64270747023-20 


*Type of organisation: 


| Academic institution © Company, SME, micro-enterprise, sole trader 
Consultancy, law firm © Consumer organisation 
® Industry association © Media 
Non-governmental organisation © Think tank 
D Trade union © Other 


*Please indicate the size of your organisation: 
D less than 10 employees 
® 10 to 50 employees 
50 to 500 employees 
500 to 5000 employees 


more than 5000 employees 


*Where are you based and/or where do you carry out your activity? 


Belgium 


*Field of activity or sector (//aoolicable): 
at least 1 choice(s) 

Accounting 

Asset management 

Auditing 

Banking 

Brokerage 

Credit rating agency 

Crowdfunding 

Financial market infrastructure (e.g. CCP, CSD, stock exchange) 

Insurance 

Investment advice 

Payment service 

Pension provision 

Regulator 

Social entrepreneurship 

Social media 

Supervisor 

Technology provider 

Trading platform 

Other 

Not applicable 








HOHOOSBOARAOAAARAAAARAAARAARGEA 


Â Important notice on the publication of responses 


*Contributions received are intended for publication on the Commission’s website. Do you agree to your 
contribution being published? 


(see specific privacy statement B) 





@ Yes, | agree to my response being published under the name | indicate (name of your organisation 
/company/oublic authority or your name if your reply as an individual 


© No, | do not want my response to be published 


2. Your opinion 


1. Fostering access to financial services for consumers and 
businesses 


FinTech can be an important driver to expand access to financial services for consumers, investors and 
companies, bringing greater choice and more user-friendly services, often at lower prices. Current 
limitations in traditional financial service markets (e.g. opacity, lack of use of big data, insufficient 
competition), such as financial advice, consumer credit or insurance, may foreclose access to some 
categories of individuals and firms. New financial technologies can thus help individuals as well as 
small and medium-sized enterprises (SMEs), including start-up and scale-up companies, to access 
alternative funding sources for supporting their cash flow and risk capital needs. 


At the same time, potential redundancy of specific back-office functions or even of entire market players 
due to automation via FinTech solutions might have adverse implications in terms of employment in the 
financial industry, even though new jobs would also be created as part of the FinTech solutions. The 
latter, however, might require a different skill mix. 


Question 1.1: What type of FinTech applications do you use, how often and why? In which 
area of financial services would you like to see more FinTech solutions and why? 


Artificial intelligence and big data analytics for automated financial advice and 
execution 


Please refer to the corresponding section of the consultation document k to read some contextual 
information before answering the questions. 





Question 1.2: Is there evidence that automated financial advice reaches more consumers, 
firms, investors in the different areas of financial services (investment services, insurance, 
etc.)? 


D Yes 
No 


Don’t know / no opinion / not relevant 


Question 1.3: Is enhanced oversight of the use of artificial intelligence (and its underpinning 
algorithmic infrastructure) required? For instance, should a system of initial and ongoing 
review of the technological architecture, including transparency and reliability of the 
algorithms, be put in place? 


‘ Yes 
No 


Don’t know / no opinion / not relevant 


Please elaborate on your answer to whether enhanced oversight of the use of artificial 
intelligence is required, and explain what could more effective alternatives to such a system 
be. 


Question 1.4: What minimum characteristics and amount of information about the service user 
and the product portfolio (if any) should be included in algorithms used by the service 
providers (e.g. as regards risk profile)? 


Question 1.5: What consumer protection challenges/risks have you identified with regard to 
artificial intelligence and big data analytics (e.g. robo-advice)? What measures, do you think, 
should be taken to address these risks/challenges? 


Social media and automated matching platforms: funding from the crowd 


Please refer to the corresponding section of the consultation document k to read some contextual 
information before answering the questions. 


Question 1.6: Are national regulatory regimes for crowdfunding in Europe impacting on the 
development of crowdfunding? 


D Yes 
D No 


D Don’t know / no opinion / not relevant 


Please elaborate on your reply to whether there are national regulatory regimes for 
crowdfunding in Europe impacting on the development of crowdfunding. Explain in what way, 
and what are the critical components of those regimes. 


Question 1.7: How can the Commission support further development of FinTech solutions in 
the field of non-bank financing, i.e. peer-to-peer/marketplace lending, crowdfunding, invoice 
and supply chain finance? 


Question 1.8: What minimum level of transparency should be imposed on fund-raisers and 
platforms? Are self-regulatory initiatives (as promoted by some industry associations and 
individual platforms) sufficient? 


Sensor data analytics and its impact on the insurance sector 


Please refer to the corresponding section of the consultation document k to read some contextual 
information before answering the questions. 





Question 1.9: Can you give examples of how sensor data analytics and other technologies are 
changing the provision of insurance and other financial services? What are the challenges to 
the widespread use of new technologies in insurance services? 


Question 1.10: Are there already examples of price discrimination of users through the use of 
big data? 
D Yes 
D No 


> Don’t know / no opinion / not relevant 


Please provide examples of what are the criteria used to discriminate on price (e.g. sensor 
analytics, requests for information, etc.)? 


Other technologies that may improve access to financial services 


Please refer to the corresponding section of the consultation document k to read some contextual 
information before answering the questions. 





Question 1.11: Can you please provide further examples of other technological applications 
that improve access to existing specific financial services or offer new services and of the 
related challenges? Are there combinations of existing and new technologies that you 
consider particularly innovative? 


2. Bringing down operational costs and increasing efficiency for 
the industry 


Please refer to the corresponding section of the consultation document k to read some contextual 
information before answering the questions. 





FinTech has the potential of bringing benefits, including cost reductions and faster provision of financial 
services, e.g., where it supports the streamlining of business processes. Nonetheless, FinTech applied 
to operations of financial service providers raises a number of operational challenges, such as cyber 
security and ability to overcome fragmentation of standards and processes across the industry. 
Moreover, potential redundancy of specific front, middle and back-office functions or even of entire 
market players due to automation via FinTech solutions might have adverse implications in terms of 
employment in the financial industry, even though new jobs would also be created as part of the 
FinTech solutions. The latter, however, might require a different skill mix, calling for flanking policy 
measures to cushion their impact, in particular by investing in technology skills and exact science 
education (e.g. mathematics). 


Question 2.1: What are the most promising use cases of FinTech to reduce costs and improve 
processes at your company? Does this involve collaboration with other market players? 


Financial Services Institutions (FSIs) are collaborating actively with large 





and small market players in the technology sector to adapt and compete in the 





post crisis world. A fundamental shift in the technology sector in the last 





decade involves the wide-spread adoption of cloud computing services, and 





FSIs are actively exploring how to take advantage of this evolution. Fully 











deployed, cloud computing services can reduce costs and increase 


competitiveness, in particular through: 





. Cost-effective access (scalability) to greater computing power 


leading to increased availability of data and faster data processing; 





. Greater flexibility to meet changing business needs through new 





innovations such as big data analytics; 





. Quicker response to new demands and requirements of customers, 


adding value to clients; 





Er ieiendidataishari mo cle mOS Sie mors amen za tronk 


Question 2.2: What measures (if any) should be taken at EU level to facilitate the development 
and implementation of the most promising use cases? How can the EU play its role in 
developing the infrastructure underpinning FinTech innovation for the public good in Europe, 
be it through cloud computing infrastructure, distributed ledger technology, social media, 
mobile or security technology? 


Digita transfo 


emation and deployment or eloudiseryicesibyTES ISi has) been 


constrained as FSIs have sought approval from regulatory to migrate legacy 


systems or adop 


t new services, and by the different approaches taken by 


national regulatory authorities that regional banks must work with. A common 





would overcom 


EU-wide approach to cloud service deployment among regulatory authorities 








the current fragmentation of national guidelines, and bring 





much needed certainty and speed to the cloud adoption process in the 

















financial sector. Ultimately it would bring down operational costs and 
IMCECASeS CE i ciency FOr Financia llservices Institutions (HSS) Wes rarce 
therefore encouraged that the European Banking Authority (EBA) has published 











a consultation paper on 17 May with “draft recommendations on outsourcing to 


cloud-service providers”. 


We are encouraged that the European Parliament’s recent report on FinTech 





Highlights the beneravs that cloud comput nocan have sor consumers Tand 


PuLOvVAdens OR EananclalsenvTCces, and Stresses aehe meed Or ehe deployments, Of 











“clear and comprehensive European rules or guidelines and for a common 


approach to the use of cloud computing across NCAs”. We believe that a 











sami kariy pos En 


cloud services 


the ongoing 


EBA 





transformation 


ve statement from the European Commission about the use of 


in the financial sector could also help provide momentum to 


work and encourage a more appropriate pace of digital 





iia waia SeCrOE, 








Particularly in the case of distributed ledger technology, the EU should 


promote open source developments in order to facilitate collaboration and a 


wider adoption of the technology on the market. 


Question 2.3: What kind of impact on employment do you expect as a result of implementing 
FinTech solutions? What skills are required to accompany such change? 


RegTech: bringing down compliance costs 


Please refer to the corresponding section of the consultation document k to read some contextual 
information before answering the questions. 





Question 2.4: What are the most promising use cases of technologies for compliance 
purposes (RegTech)? What are the challenges and what (if any) are the measures that could 
be taken at EU level to facilitate their development and implementation? 


The first issue faced by market players towards regulation compliance is 


ensuring that all material needed is produced digitally in a structured way. 








This is not yet completely the case, so much is available in paper form only, 





or in unstructured PDF form only. For such fully or semi-analogue documents, 
as well as digital unstructured documents (without adequate metadata tagging 


e.g.), tools exist for converting the analogue or unstructured document, 





however this is an area of incomplete efficiency which needs to be managed. 


Recording, storing and securing data: is cloud computing a cost effective and 
secure solution? 


Please refer to the corresponding section of the consultation document k to read some contextual 
information before answering the questions. 





Question 2.5.1: What are the regulatory or supervisory obstacles preventing financial services 
firms from using cloud computing services? 


A variety of factors, both from the regulatory and supervisory aspect, affect 
financial services firms from using cloud computing services, including the 


lack of clarity on the regulations position, the migration process and 








security of data. FSIs will often be unwilling to use cloud computing 











services unless the requillatom has “ssued ellear qudanceS on tus use. these 
would provide clarity on how FSIs can address compliance, security and 


performance standards when engaging a cloud service provider (CSP), so that 





FSIs (and, ultimately, their end customers) can fully benefit from the 


potential of the technology while maintaining a safe, stable and secure 








financial environment. To accompany the guidelines, the regulator should 





encourage adopting a best practice ‘checklist’ for FSIs when working with 











CPS. Also, any guidance issued must be harmonized at EU level 


Question 2.5.2: Does this warrant measures at EU level? 


© Yes 
No 


Don’t know / no opinion / not relevant 
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Please elaborate on your reply to whether the regulatory or supervisory obstacles preventing 
financial services firms from using cloud computing services warrant measures at EU level. 


According to the Queen Mary 2016 Study on “Use by Banks of Cloud Computing: 





An Empirical Study”, despite outsourcing/cloud guidance having been issued by 





for example, the Netherlands, Spain, Greece and Finland, there are similar 








but different rules everywhere. If fragmented approaches continue, this poses 


a risk to the development of innovative financial technologies and clashes 





with the goal of building a Digital Single Market in Europe. 


https://papers.ssrn.com/sol3/papers.cfim?abstract_id=2856431## 


Question 2.6.1: Do commercially available cloud solutions meet the minimum requirements 
that financial service providers need to comply with? 


@ Yes 
D No 


Don’t know / no opinion / not relevant 


Please elaborate on your reply to whether commercially available cloud solutions do meet the 
minimum requirements that financial service providers need to comply with. 


Commercially available cloud solutions are available that meet minimum 


requirements FSIs need to comply with, and can help with ensuring smooth 





compliance with financial regulation and beyond (for e.g. privacy 





regulations). FSIs that use cloud computing services also have certainty that 
their systems are running the very latest versions of software, avoiding 
“version lag”, where systems may be operating one or two software releases 


bpenindithef most current Vers ons anc mols may thusibelkcexposeditola hug hier. 





risk of security threats or vulnerability issues. By using cloud computing 
services, FSIs can exploit far greater computing power, achieve greater 


availability and resilience of data, and improve levels of security even as 





they reduce their IT costs compared to on premise delivery models. 


Further on security, certification is an important benchmark used by 


Financial Regulators in measuring security standards. There is currently no 





SHG ewe COgmes Sc deeENGUIS tiny eert i cationi specii e ally er Or C loud Serv Ces: 
However, ISO 27001 is generally considered the most appropriate certification 
given the high benchmark that CSPs must meet to achieve and maintain it. 
Other CSP certifications, whilst not specifically relevant to FIs, can be 
indicative of industry best practice and should also be taken into 


consideration (for example ISO 27018). 


Question 2.6.2: Should commercially available cloud solutions include any specific contractual 
obligations to this end? 


D Yes 
| No 


D Don’t know / no opinion / not relevant 


Please elaborate on your reply to whether commercially available cloud solutions should 
include any specific contractual obligations to this end. 


Disintermediating financial services: is Distributed Ledger Technology (DLT) the 
way forward? 
Please refer to the corresponding section of the consultation document W to read some contextual 


information before answering the questions. 


Question 2.7: Which DLT applications are likely to offer practical and readily applicable 
opportunities to enhance access to finance for enterprises, notably SMEs? 


Question 2.8: What are the main challenges for the implementation of DLT solutions (e.g. 
technological challenges, data standardisation and interoperability of DLT systems)? 
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Question 2.9: What are the main regulatory or supervisory obstacles (stemming from EU 
regulation or national laws) to the deployment of DLT solutions (and the use of smart 
contracts) in the financial sector? 


Outsourcing and other solutions with the potential to boost efficiency 


Please refer to the corresponding section of the consultation document k to read some contextual 
information before answering the questions. 





Question 2.10: Is the current regulatory and supervisory framework governing outsourcing an 
obstacle to taking full advantage of any such opportunities? 


Yes 
No 


Don’t know / no opinion / not relevant 


Please elaborate on your reply to whether the current regulatory and supervisory framework 
governing outsourcing is an obstacle to taking full advantage of any such opportunities. 








The EU framework governing outsourcing needs to acknowledge the differenc 
between custom outsourcing versus hyperscale cloud solutions, which are the 
infrastructure and provisioning needed in distributed computing environments 
BOr Teh heCbirclky wScalaing Hroni Several servers sco; thousands Or Servers inia 


multi-tenant infrastructure. Second, different approaches currently exist 





across Member States; either there are no publicly available positions on 





cloud computing or they fall under outsourcing activities. Third, the FSI and 
CSP should have flexibility to assess what access to data and business 


premises is required for a specific outsourcing arrangement. This is in line 





with a risk-based and proportionate approach to risk management and considers 





the broader legal framework including the Markets in Financial Instruments 


Directive (MiFID). 


Question 2.11: Are the existing outsourcing requirements in financial services legislation 
sufficient? 


Yes 
No 


Don’t know / no opinion / not relevant 
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Please elaborate on your reply to whether the existing outsourcing requirements in financial 
services legislation are sufficient, precising who is responsible for the activity of external 
providers and how are they supervised. Please specify, in which areas further action is 
needed and what such action should be. 








A common EU-wide approach would overcome the current fragmentation of 





national guidelines, and bring much needed certainty and speed to the cloud 








adoption process in the financial sector. In addition, existing legislation 





including MIFID, the NIS Directive and the General Data Protection Regulation 


provide the necessary framework for outsourcing. 


FSI and CSP responsibilities do not finish at the point that a contract is 








signed but that FSIs continue to be vigilant in compliance throughout the 





contract lifecycle. Financial Regulators recognise that FSIs may need to 





outsource certain services but they make it clear that FSIs cannot outsource 





their primary responsibility relating to risk and compliance. 





Other technologies that may increase efficiency for the industry 


Question 2.12: Can you provide further examples of financial innovations that have the 
potential to reduce operational costs for financial service providers and/or increase their 
efficiency and of the related challenges? 


3. Making the single market more competitive by lowering 
barriers to entry 


Please refer to the corresponding section of the consultation document k to read some contextual 
information before answering the questions. 
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A key factor to achieving a thriving and globally competitive European financial sector that brings 
benefits to the EU economy and its society is ensuring effective competition within the EU single 
market. Effective competition enables new innovative firms to enter the EU market to serve the needs 
of customers better or do so at a cheaper price, and this in turn forces incumbents to innovate and 
increase efficiency themselves. Under the EU Digital Single Market strategy, the EU regulatory 
framework needs to be geared towards fostering technological development, in general, and supporting 
the roll-out of digital infrastructure across the EU, in particular. Stakeholder feedback can help the 
Commission achieve this goal by highlighting specific regulatory requirements or supervisory practices 
that hinder progress towards the smooth functioning of the Digital Single Market in financial services. 
Similarly, such feedback would also be important to identify potential loopholes in the regulatory 
framework that adversely affect the level playing field between market participants as well as the level 
of consumer protection. 


Question 3.1: Which specific pieces of existing EU and/or Member State financial services 
legislation or supervisory practices (if any), and how (if at all), need to be adapted to facilitate 
implementation of FinTech solutions? 


For cloud, the largest barriers are: 





. Lack of clarity from the supervisor: European FSIs and the 











technology services they use operate across borders in the EU, while the 





supervision of the use of cloud services by European banks is a national 


responsibility. While some Member States provide detailed guidance in this 








area, others are not engaged at all on such issues. Unless the supervisor 





offers detailed specific guidance, banks will remain reluctant to use cloud 





services to support core business functions and analytics. 





. Right to access/ audit: Under the EU Markets in Financial 





Instruments Directive (MIFID), financial institutions have to enable 





“effective access to data” for national supervisors for audit purposes - and 
in cases of serious regulatory breaches. It is often unclear to national 
supervisors, however, whether this means strictly physical access or not and 
the default supervisory position is a preference data to be stored on the 
bank’s premises. 


. Dare Oge teewrtoni Cecin enee iese TeSriter ioie CS PrSSeNe EOT 





banks in some EU Member States (Germany, Luxembourg) but not in others 





(Netherlands) resulting in fewer service options and higher costs where they 


are present. 





We believe that harmonised EU guidelines for the financial sector on how to 





migrate to and use cloud computing services can go a long way to overcoming 


these barriers, and facilitate the implementation of cloud computing 








solutions in the financial sector. In our view, a Commission-backed 








Lega stakuve Measure On SWOV Cewe locales alewOnwGe Ss teal erion ke las'© 





necessary. 


Question 3.2.1: What is the most efficient path for FinTech innovation and uptake in the EU? 


Question 3.2.2: Is active involvement of regulators and/or supervisors desirable to foster 
competition or collaboration, as appropriate, between different market actors and new 
entrants? 


| Yes 
© No 


Don’t know / no opinion / not relevant 
FinTech has reduced barriers to entry in financial services markets 
Please refer to the corresponding section of the consultation document k to read some contextual 


information before answering the questions. 


But remaining barriers need to be addressed 


Please refer to the corresponding section of the consultation document k to read some contextual 
information before answering the questions. 





Question 3.3: What are the existing regulatory barriers that prevent FinTech firms from scaling 
up and providing services across Europe? What licensing requirements, if any, are subject to 
divergence across Member States and what are the consequences? Please provide the 
details. 
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Question 3.4: Should the EU introduce new licensing categories for FinTech activities with 
harmonised and proportionate regulatory and supervisory requirements, including 
passporting of such activities across the EU Single Market? 


W Yes 
© No 


| Don’t know / no opinion / not relevant 


Question 3.5: Do you consider that further action is required from the Commission to make the 
regulatory framework more proportionate so that it can support innovation in financial 
services within the Single Market? 


D Yes 
| No 


D Don’t know / no opinion / not relevant 


Question 3.6: Are there issues specific to the needs of financial services to be taken into 
account when implementing free flow of data in the Digital Single Market? 


@ Yes 
| No 


D Don’t know / no opinion / not relevant 
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Please elaborate on your reply to whether there are issues specific to the needs of financial 
services to be taken into account when implementing free flow of data in the Digital Single 
Market, and explain to what extent regulations on data localisation or restrictions on data 
movement constitute an obstacle to cross-border financial transactions. 


Data localization mandates present a major obstacle. They take many forms, 


including regulations, administrative requirements, procurement policies, and 





regulatory guidance. They also include, for example, laws based on national 





security requirements (e.g. for classified data), company record laws, and 








archival requirements (requiring storage of records in a specific institution 








inside a country). Many are sector-based, and notably apply to the financial 


services sector. 


ihe mewn organ or such data local ization mandates an they fananeral) Sector 





seem to be the outsourcing rules for financial institutions, included in 





financial legislation, notably MiFID, or guidance by regulators (e.g. EBA’s 








2006 Outsourcing guidelines), which mandate audit- and “effective access” 











rights to regulators. Whether the meaning of “effective access” is restricted 





to physical access only has been a question of great importance. More 





effective than changing financial regulation, would be the removal of 


unjustified data localization requirements, as it would send a clear signal 





Bo both ther famancaal) sector and sequllavoms. 


Another important factor that needs to be taken into account when considering 


the free flow of data are the local laws used by law enforcement authorities 





(LEAs) to access data. Some customers are concerned that storing data in 





another country could subject their data to law enforcement access in that 
country. In this regard, data flows are inhibited by the lack of certainty 


about foreign law enforcement capabilities, not only by localization 








requirements put in place for law enforcement reasons in the customer’s home 


Soumya. 


Question 3.7: Are the three principles of technological neutrality, proportionality and integrity 
appropriate to guide the regulatory approach to the FinTech activities? 


Yes 
No 


© Don’t know / no opinion / not relevant 


Please elaborate on your reply to whether the three principles of technological neutrality, 
proportionality and integrity are or not appropriate to guide the regulatory approach to the 
FinTech activities. 


Role of supervisors: enabling innovation 


Please refer to the corresponding section of the consultation document k to read some contextual 
information before answering the questions. 





Question 3.8.1: How can the Commission or the European Supervisory Authorities best 
coordinate, complement or combine the various practices and initiatives taken by national 
authorities in support of FinTech (e.g. innovation hubs, accelerators or sandboxes) and make 
the EU as a whole a hub for FinTech innovation? 


Question 3.8.2: Would there be merits in pooling expertise in the ESAs? 
© Yes 
| No 


D Don’t know / no opinion / not relevant 


Please elaborate on your reply to whether there would be merits in pooling expertise in the 
European Supervisory Authorities. 
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Question 3.9: Should the Commission set up or support an "Innovation Academy" gathering 
industry experts, competent authorities (including data protection and cybersecurity 
authorities) and consumer organisations to share practices and discuss regulatory and 
supervisory concerns? 


D Yes 
| No 


D Don’t know / no opinion / not relevant 


Question 3.10.1: Are guidelines or regulation needed at the European level to harmonise 
regulatory sandbox approaches in the MS? 


D Yes 
| No 


D Don’t know / no opinion / not relevant 


Please elaborate on your reply to whether guidelines or regulation are needed at the European 
level to harmonise regulatory sandbox approaches in the MS? 


Question 3.10.2: Would you see merits in developing a European regulatory sandbox targeted 
specifically at FinTechs wanting to operate cross-border? 


D Yes 
| No 


D Don’t know / no opinion / not relevant 


Question 3.11: What other measures could the Commission consider to support innovative 
firms or their supervisors that are not mentioned above? 


Role of industry: standards and interoperability 
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Please refer to the corresponding section of the consultation document k to read some contextual 
information before answering the questions. 





Question 3.12.1: Is the development of technical standards and interoperability for FinTech in 
the EU sufficiently addressed as part of the European System of Financial Supervision? 


| Yes 
D No 


l Don’t know / no opinion / not relevant 


Please elaborate on your reply to whether the development of technical standards and 
interoperability for FinTech in the EU is sufficiently addressed as part of the European 
System of Financial Supervision. 


Question 3.12.2: Is the current level of data standardisation and interoperability an obstacle to 
taking full advantage of outsourcing opportunities? 


© Yes 
| No 


D Don’t know / no opinion / not relevant 


Please elaborate on your reply to whether the current level of data standardisation and 
interoperability is an obstacle to taking full advantage of outsourcing opportunities. 
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Question 3.13: In which areas could EU or global level standards facilitate the efficiency and 
interoperability of FinTech solutions? What would be the most effective and competition- 
friendly approach to develop these standards? 


Question 3.14: Should the EU institutions promote an open source model where libraries of 
open source solutions are available to developers and innovators to develop new products 
and services under specific open sources licenses? 


@ Yes 
D No 


Don’t know / no opinion / not relevant 


Please elaborate on your reply to whether the EU institutions should promote an open source 
model where libraries of open source solutions are available to developers and innovators to 
develop new products and services under specific open sources licenses, and explain what 
other specific measures should be taken at EU level. 





The EU should indeed promote open source models and encourage the development 





of libraries of open source solutions. 


Challenges 


Please refer to the corresponding section of the consultation document k to read some contextual 
information before answering the questions. 
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Question 3.15: How big is the impact of FinTech on the safety and soundness of incumbent 
firms? What are the efficiencies that FinTech solutions could bring to incumbents? Please 
explain. 


A large number of incumbent firms are today collaborating with FinTech firms 


to offer innovative services to their customers, gain market share, as well 





as to reduce development and operating costs. 


4. Balancing greater data sharing and transparency with data 
security and protection needs 


Please refer to the corresponding section of the consultation document W to read some contextual 
information before answering the questions. 





Question 4.1: How important is the free flow of data for the development of a Digital Single 
Market in financial services? Should service users (i.e. consumers and businesses 
generating the data) be entitled to fair compensation when their data is processed by service 
providers for commercial purposes that go beyond their direct relationship? 








Removing data localisation restrictions within the EU Digital Single Market 


would stimulate innovation in the financial sector. 





Moving on to other issues, such as data access, re-use, and ownership, as 


with the technologies used to analyze and re-use data, the data market itself 





is nascent but it is already characterized by tremendous innovation in 


business models. 


In any case, data sharing should be subject to the owner’s explicit 


permission. 


Storing and sharing financial information through a reliable tool 


Please refer to the corresponding section of the consultation document k to read some contextual 
information before answering the questions. 
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Question 4.2: To what extent could DLT solutions provide a reliable tool for financial 
information storing and sharing? Are there alternative technological solutions? 





Businesses could use DLT to retain required customer information. But unlike 





current technology, DLT can help businesses access information in the ledger 


and provide trusted evidence of the information without actually sharing 





sensitive data. Given the sensitive nature Of Customer anmrormatton, legal 


mandates require protecting the information and notifying customers if that 





confidentiality has been breached. Blockchain solutions can be designed to 
store such sensitive information off of the chain and leverage the blockchain 
to retain the trusted evidence and secure access information to the off-chain 


data. In addition to cryptography, DLT creates a time-stamped record that 





once established cannot be changed. For example, once originally created, 





even appropriately authorized operational personnel cannot change existing 


customer information in the ledger. Instead, if a customer’s name, address, 





or investment objectives change, the updated information can only be appended 
to the existing record in a new record (or a chain), thereby creating an 


automatic, comprehensive audit trail. 


DLT can also grant auditors and regulators permission to see information 








relevant to their respective oversight roles. Also on the same ledger, DLT 





can grant a customer permission to a channel to view his or her account or 
transaction records without seeing information stored on the ledger about 
other customers. This ability for customers to access immutable records of 


their transactions better protects investors, eliminating the need that 











exists today to rely on intermediaries or other market participants for 


essentially anroOcmabLon en AS Such, tthe ledger by design reduces, layers ior 





intermediation and thereby decreases costs to investors. 








Using “smart contracts” the DLT can build-in requirements to notify customers 
when information changes in their account records or at specified intervals 


to fulfil regulatory requirements. And depending on the design of the 








specific DLT solution, the record could be retained for predetermined periods 





of time-to fulfil mandated retention requirements—or indefinitely. 


Question 4.3: Are digital identity frameworks sufficiently developed to be used with DLT or 
other technological solutions in financial services? 


Yes 
D No 


Don’t know / no opinion / not relevant 
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Please elaborate on your reply to whether digital identity frameworks are sufficiently developed 
to be used with DLT or other technological solutions in financial services. 


Question 4.4: What are the challenges for using DLT with regard to personal data protection 
and how could they be overcome? 


Data needs to be stored in many places for a holistic DLT solution, ranging 








from data within the ledger, to databases, to elements stored off the 
ledger. Careful analysis of the data types, data classifications and 
associated policies is critical. Storing SPI/PI data on the ledger could be 


problematic especially given the GDPR’s “right to forgotten” which is 





orthogonal to DLT immutability. Nevertheless, there are solutions being 





tested on the market including separately SPI/PI from transaction data, and 





maintaining a hash reference between the two. 





The power of big data to lower information barriers for SMEs and other users 


Please refer to the corresponding section of the consultation document k to read some contextual 
information before answering the questions. 





Question 4.5: How can information systems and technology-based solutions improve the risk 
profiling of SMEs (including start-up and scale-up companies) and other users? 


Question 4.6: How can counterparties that hold credit and financial data on SMEs and other 
users be incentivised to share information with alternative funding providers ? What kind of 
policy action could enable this interaction? What are the risks, if any, for SMEs? 


Security 


Please refer to the corresponding section of the consultation document k to read some contextual 
information before answering the questions. 





Question 4.7: What additional (minimum) cybersecurity requirements for financial service 
providers and market infrastructures should be included as a complement to the existing 
requirements (if any)? What kind of proportionality should apply to this regime? 


Question 4.8: What regulatory barriers or other possible hurdles of different nature impede or 
prevent cyber threat information sharing among financial services providers and with public 
authorities? How can they be addressed? 
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Question 4.9: What cybersecurity penetration and resilience testing in financial services should 
be implemented? What is the case for coordination at EU level? What specific elements 
should be addressed (e.g. common minimum requirements, tests, testing scenarios, mutual 
recognition among regulators across jurisdictions of resilience testing)? 


Other potential applications of FinTech going forward 


Please refer to the corresponding section of the consultation document k to read some contextual 
information before answering the questions. 





Question 4.10.1: What other applications of new technologies to financial services, beyond 
those above mentioned, can improve access to finance, mitigate information barriers and/or 
improve quality of information channels and sharing? 


Question 4.10.2: Are there any regulatory requirements impeding other applications of new 
technologies to financial services to improve access to finance, mitigate information barriers 
and/or improve quality of information channels and sharing? 


D Yes 
D No 


l Don’t know / no opinion / not relevant 
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Please elaborate on your reply to whether there are any regulatory requirements impeding 
other applications of new technologies to financial services to improve access to finance, 
mitigate information barriers and/or improve quality of information channels and sharing? 


3. Additional information 


Should you wish to provide additional information (e.g. a position paper, report) or raise specific points 
not covered by the questionnaire, you can upload your additional document(s) here: 


Useful links 


More on the Transparency register (http://ec.europa.eu/transparencyregister/public/homePage.do?locale=en 





Consultation details (http://ec.europa.eu/info/finance-consultations-2017-fintech_en) 





Specific privacy statement (https://ec.europa.eu/info/sites/info/files/201 7-fintech-specific-privacy-statement_en.pd 





Contact 


fisma-fintech@ec.europa.eu 
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